-------------------------------------------------------------------------
Debian LTS Advisory DLA-2649-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
May 04, 2021                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : cgal
Version        : 4.9-1+deb9u1
CVE ID         : CVE-2020-28601 CVE-2020-28636 CVE-2020-35628 CVE-2020-35636

Four security issues have been discovered in cgal.

A code execution vulnerability exists in the Nef polygon-parsing
functionality of CGAL.

CVE-2020-28601

    An OOB read vulnerability exists in Nef_2/PM_io_parser.h
    PM_io_parser::read_vertex() Face_of[] OOB read. An attacker can
    provide malicious input to trigger this vulnerability.

CVE-2020-28636

    An OOB read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sloop() slh->twin(). An attacker can provide
    malicious input to trigger this vulnerability.

CVE-2020-35628

    An OOB read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sloop() slh->incident_sface. An attacker can
    provide malicious input to trigger this vulnerability.

CVE-2020-35636

    An OOB read vulnerability exists in Nef_S2/SNC_io_parser.h
    SNC_io_parser::read_sface() sfh->volume(). An attacker can provide
    malicious input to trigger this vulnerability.

For Debian 9 stretch, these problems have been fixed in version
4.9-1+deb9u1.

We recommend that you upgrade your cgal packages.

For the detailed security status of cgal please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cgal

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS